def test_execute_unauthorized_request(self):
forbidden_sql_keywords = native.get_forbidden_sql_keywords()
for forbidden in forbidden_sql_keywords:
with self.assertRaises(PermissionDenied):
unauthorized_request = _generate_fake_text_starting_with_keyword(
forbidden)
native.execute(unauthorized_request)
def data_maintenance(request):
if not _is_sql_data_management_enabled():
raise PermissionDenied(
"SQL data management is not enabled in this environment")
sql_command = request.POST.get('sql_command')
results = native.execute(sql_command)
forbidden_sql_keywords = native.get_forbidden_sql_keywords()
sql_readonly = native.get_sql_data_management_readonly()
return layout.render(
request, "admin/data_maintenance.html", {
'section': 'data_maintenance',
'sql_command': sql_command,
'results': results,
'sql_readonly': sql_readonly,
'forbidden_sql_keywords': forbidden_sql_keywords
})
def test_execute_write_sql_with_readonly_flag(self, mock_sql_readonly):
mock_sql_readonly.return_value = True
with self.assertRaises(InternalError):
native.execute("UPDATE base_person set last_name='Toto'")